One third Dutch companies susceptible to data breaches due to poor compliance

the editorial team

8 April 2024

More than a third of all Dutch companies failed a compliance audit in the past 12 months. As a result, they are ten times more likely to suffer a data breach. Ten percent of Duch companies became victim of a ransomware attack in 2023. Of all those, only four percent paid a ransom, according to Thales in its most recent Data Threat Report.

The report points to a very clear link between compliance and data security. Of all global companies that failed a compliance audit in the past 12 months, 31 percent became victims of a data breach in the same year. That was true for only three percent of respondents who had passed their audit.

Just under a third (30 percent) of all Dutch organizations are able to fully classify their data. However, 18 percent said they classify very little or no internal data at all.

The use of multi-cloud services and changes in global privacy and data protection regulations are making data sovereignty a top priority for companies. Of those surveyed, 28 percent see mandatory external key management as the primary means of ensuring this. Furthermore, 39 percent say data storage location would no longer be an issue as long as there is external encryption/key management and segregation of duties.

The report also mapped which new technologies IT and security professionals are most concerned about. 38 percent of Dutch respondents see the cloud and DevSecOps as a huge concern. This is closely followed by digital sovereignty (36%) and post-quantum cryptography (25%).

In the Netherlands, exploitation of known vulnerabilities (34%) and human error (27%) are the leading causes of data breaches in the cloud.

Globally, malware is the fastest growing cyber threat. Of companies, 41 percent experienced a malware attack in the past year, followed directly by phishing and ransomware attacks. Cloud IT assets such as SaaS applications, cloud storage environments and cloud infrastructure management solutions remained the primary target of these attacks.

Of all respondents, 93 percent believe cyber threats are increasing in number or severity, up from 47 percent in the previous year.

“Companies need to know exactly what they are trying to protect. With global privacy and data protection guidelines constantly changing, they need a thorough overview of all the data within their organization. Only then will they stand a chance of remaining compliant with legal and regulatory requirements,” said Sebastien Cano, senior vice president of Cloud Protection & Licensing at Thales.

About the survey

The report is based on a survey of nearly 3,000 IT and security professionals in 18 countries, of which 105 respondents in the Netherlands. The respondents worked in 37 different industries.